We’ve had way more participants than expected, and two winners :

1. Shirley Chen
2. Nagy Ferenc László

Shirley and Nagy found the secret sentence, without even using the hints.

A special mention for another participant (StalkR) who tried to solve it in the wake of Insomni’Hack 2011, and managed to reach the md5 collision step.

Stay tuned for the official solution!

– the Reverse naM

Just a reminder that the first hint is meant to help you to find the good way with hashes.

Don’t miss the modification, Crypto Girl hates MD5 for this reason !

By the way, challenge’s submission deadline is extended to Nov 13th, 2011.

–

The Reverse naM

Translations:

La fin est encore loin surtout quand on est sur le mauvais chemin !
Wrong track, go back!

La fin est proche, l’anneau est inclus.
Dawn is close, search for the ring.

Mon precieux
My precious

Hint:

-6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357
-ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca
-BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645
-3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789
-5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77

– the Reverse naM

At Insomni’Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you to try, until November 1st, 2011. We will then post the winner’s solution on this blog, along with the ‘official’ solution. To help you out – if needed – this post will be updated with a hint in a few days.

Challenge prize? the winner (first good solution) receives … fame and glory :)) i.e. nothing besides marketing goodies, if desired :D

Challenge steps:

• retrieve the archive here

sha256 => B74D50104499C35EE9544A77A0DD491646991CD2B3780A7571377152A5F65BD0
P@55 => *Dneige

No  username. 7z archive contains an IDA disassembly, an executable, some snapshots and a readme

• find the secret sentence

• send us an e-mail at FORTIChallenge@fortinet.com with the secret sentence and explain the solution you used.

That’s all for today, happy RE !

– the Reverse naM

Update Oct 21 2011: Hint #1

Update Nov 3 2011: Hint #2

Update Nov 15 2011: Results

Mobile phones had already been targeted for a long time (by application sending sms for instance) but since recently (approximately one year) it has been hit by more advanced attacks – probably with the help of cybercriminal organizations.

Their goal is to earn money quickly and for this purpose, they develop a botnet-like infrastructure much like in the PC world, the goal being to dispose of an army of zombie phones. The examples of this trend are Android/Geinimi and Android/DroidDream with their standard features:

• Trojan
• C&C
• Silent install
• …

With such botnets at disposal, cybercriminals can potentially sell ‘underground’ services like sms spam, silent application install (pay-per-install), ‘click jacking’, Black SEO and  other ‘non ethical’ lucrative business. Of course `Extra charges` will end up on the infected user’s monthly bill :( .

On my side I designed and implemented a challenge for the competition. It is based on Symbian OS and the main goal is to practice some ‘static reversing’ on the sample.

This will allow you to extract a secret sentence.
At this time (waiting confirmation from SCRT.CH), it seems that nobody has solved the challenge during the event (6PM to 1AM).

From my point of view I think this is due to several factors:

1. It is difficult to understand the SIS file format or ARM instructions without some help (internet not available during the challenge to the staff’s great displeasure)
2. No specific tools was provided like a sis file explorer or extractor (my fault)
3. I am a ‘n00b’ of challenge writing, so probably I used to much stages/steps for the time that the challengers had
4. Already more than 30 challenges available

Everything will be (un)confirmed by the feedback of competitors (don’t hesitate to post ‘useful’ comments on it).

Some solutions of challenges from Junod itself and other competitors (severals challenges here, the GPGPU reverse and the reverse 2)

– the Reverse naM

First, just like in BlackHat DC 2011, this year’s conference had several talks on smart phones. Good news! I was however slightly surprised they all concerned Android (apart from mine, on Symbian). It is true Android platforms are predominant in hacker communities. I feel it is nonetheless important to remind the latest statistics on the matter:

• In the U.S., Android phones come third (19%) after BlackBerry (31%) and iPhones (28%) (source: Nielsen Wire)
• In France/Italy/Germany/Spain/UK, Android phones (6%) are still way behind Symbian (54%), iPhones (19%), Windows Mobile (11%), RIM (8%) (source: ComScore)
• In Asia, I had more difficulties finding statistics, but it looks like Android comes second (20%) in China, behind Symbian (50%). (ref. ZOL)

I believe Symbian is often disregarded because of its decreasing market sales. But quarterly sales are different from owned devices (we don’t buy a new phone every three months, do we? ) and, also, device’s distribution is quite different from one country to another.

Nevertheless, the talks on Android were very interesting (and I would sure love to get my hands on a new Gingerbread Android phone). I particularly appreciated Scott Dunlop‘s talk and live demo. I am used to decompiling Android samples with dex2jar so as to get Java output, but he had me convinced to try and use smali/baksmali tools and loose less reverse engineering information during the process.

The conference also highlighted password cracking issues, with a keynote from Mudge and the final panel. The problem is far from new, but it is interesting to have up-to-date feedback from hackers who won the Defcon password cracking contest in 2010. They concluded that password policies were mostly counter-productive, and that actually writing down passwords isn’t that bad. Come to think about it, I happen to agree (excepted if you work for a military-grade employer).

Finally, I enjoyed very much the legal-oriented talks of Tara Whalen (Office of the Privacy Commissioner of Canada) and Marcia Hofmann (Attorney at EFF). Such talks show us computer security from another angle and I believe this is always profitable. Tara Whalen covered the case of Google cars inadvertently collecting packets from open Wifi networks. Marcia Hoffman explained in which circumstances the US government is allowed to seize and search computers of its citizens. In both cases, Google case and computer seizures, it is a bit frightening to see there is an enormous gap between the way government deal with computers and what hackers might actually do (for good or evil).

– the Crypto Girl

Among the talks filling the tri-tracks program (Build it / Break it / Bring it on), we’re glad to find our Crypto Girl, Axelle, who will present a paper she co-wrote with Kyle Yang (another regular poster on this blog) on the infamous mobile phone malware Zitmo, that we discovered (simultaneously with Spanish company S21sec) and named last September.

Zitmo stands for “ZeuS in the Mobile”; this offspring of the gang behind the infamous banking credential theft kit named “ZeuS” has the interesting peculiarity of attacking so-called “mTAN” (mobile Transaction Authentication Number), which are sent as SMS messages by many banks to serve as a second authentication factor, when customers want to initiate a financial transaction online.

Axelle will elaborate on the details during the preso, so if you’re around, make sure you attend!

‘I am not a numero!’: assessing global security threat levels – Bryan Lu

Fighting cybercrime: technical, juridical, and ethical challenges – Guillaume Lovet

Botnet-powered SQL injection attacks: a deeper look within – David Maciejak & Guillaume Lovet

It’s the 4th year in a row that Fortinet has had at least one paper in the line-up, but the first time we hit a count of three presentations.

The conference was held last month in Geneva, Switzerland, and was quite exciting (see program here). Despite the economic situation, the number of attendants hit a record high this year – which was perceptible during the keynote presentation, but less so afterwards. It seems as if over time people are considering the conference more as a social and professional networking event than a presentation-driven one.

We did follow some presentations in the corporate and technical tracks, the latter slightly more crowded. There were some nice discussions around current topics such as cloud computing (Marian Radu and Hilda Larina Ragragio from Microsoft) or malware sandboxing (Thomas Mandl Secure Business Austria/IKARUS Security Software, Florian Nentwich IKARUS Security Software, Ulrich Bayer and Engin Kirda from Vienna University of Technology/Institute Eurecom), as well as more traditional static analysis (Elda Dimakiling, Francis Allan Tan Seng and Scott Wu from Microsoft) and botnet history (Erik Wu and Gunter Ollmann, Damballa). I got particularly interested by the in-depth looks at some threats like Koobface (Ryan Flores, Joey Costoya and Jonell Baltazar from Trend Micro) or vulnerabilities like MS08-067. Guillaume also shared a good presentation on poorly-known aspects of fighting cyber-crime. Threats leveraging popular Internet web sites also had the honor of multiple presentations this year (especially Twitter and Facebook).

In the upcoming events, I would love to see more discussion around mobile security. Besides the “iPhone v3 malware vector” presentation (Marius van Oers from McAfee), the only other one was “Mobile malware/security: iPhone in the enterprise,” but unfortunately, it was canceled. Nonetheless, this year’s  vintage of the iconic conference of the AV industry was good, and as always a perfect occasion to put faces on various names (and beers into various faces). I hope the 2010 one will be just as good, so… see you in Vancouver ?